RC5

The RC5 block cipher has a word-oriented architecture for variable word sizes w = 16, 32, or 64 bits. It has an extremely compact description, and is suitable for hardware or software. The number of rounds r and the key byte-length b are also variable. It is successively more completely identified as RC5-w, RC5-w/r, and RC5-w/r/b. RC5-32/12/16 is considered a common choice of parameters; r = 12 rounds are recommended for RC5-32, and r = 16 for RC5-64.

Algorithm specifies RC5. Plaintext and ciphertext are blocks of bitlength 2w. Each of r rounds updates both w-bit data halves, using 2 subkeys in an input transformation and 2 more for each round. The only operations used, all on w-bit words, are addition mod
2w (), XOR (), and rotations (left and right ). The XOR operation is linear, while
the addition may be considered nonlinear depending on the metric for linearity. The data dependent rotations featured in RC5 are the main nonlinear operation used: x y denotes
cyclically shifting a w-bit word left y bits; the rotation-count y may be reduced mod w (the low-order lg(w) bits of y suffice). The key schedule expands a key of b bytes into 2r + 2 subkeys Ki of w bits each. Regarding packing/unpacking bytes into words, the byte-order is little-endian: for w = 32, the first plaintext byte goes in the low-order end of A, the fourth in A's high-order end, the fifth in B's low order end, and so on.